rev.ngFeb 5

🎥 How does rev.ng detect jump table?

In this presentation Ale explains how the rev.ng decompiler detects jump tables and, more in general, how it devirtualizes indirect jumps.

https://www.youtube.com/watch?v=p7od_BiUQk0

- YouTube

Enjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube.

Show threadrev.ngFeb 5
In short, we optimize the code so we have a nice SSA form, build the data-flow graph of the jump destination and analyze the control flow to obtain constraints over certain nodes of the data flow graph.
Show threadrev.ngFeb 5
Finally, we enumerate all the possible values that the jump destination can assume given the constraints we collected.
Show threadrev.ng
The constraints are collected using an extension of an LLVM-provided analysis (`LazyValueInfo`) that can track disjoint ranges of values.
Feb 5 at 3:02pmWeb
Show threadrev.ngFeb 5
Presentation: https://pad.rev.ng/p/nZM078b9C#/
Improving switch handling - HedgeDoc

# Improving `switch` handling ###### tags: `presentation` `hour` `switch` --- # `switch` How are